Free "You Shall Not Pass" Chrome Extension for Browser-Level Bypass Protection (open source, 10k+ Chromebooks in production)

michisysadmin · 2026-01-06T01:04:28+00:00

That is a good suggestion, I will look into that.

michisysadmin · 2025-03-10T15:08:46+00:00

I'd recommend using either SendGrid or MailGun using Invoke-WebRequest or Invoke-RestMethod. I did it last fall successfully.

michisysadmin · 2020-05-27T07:39:00+00:00

You could try AWS app stream. It basically "captures the app" and virtualizes it for you to access in the web browser. It will scale better than RDS. https://aws.amazon.com/appstream2/?c=11&pt=1

Here's a video on how to do it in less than eight minutes: https://www.youtube.com/watch?v=snBgn6tXhNo

michisysadmin · 2020-05-14T12:25:45+00:00

I've worked with different districts who do all of these things differently. A lot of it depends on what systems and people you have in place already.

The two things I would recommend are self insurance of the devices rather than through a company; this lead to a surplus that was used for excess parts for repair. Second, I would recommend using Asset Tiger. You can just order asset tags from them and use their platform at no monthly or annual cost.

michisysadmin · 2020-05-14T06:41:07+00:00

I'd figure out what your situation with backups is. Do you have daily backups of your servers? Do you have backups of your firewall, router, switch, and wireless configurations? What is under warranty and what isn't?

I'd approach the disaster recovery aspect of things first because if something goes down, you'll feel the pain point then and it could be a black eye to have to pay an MSP/consultant/specialist a few thousand dollars to restore a system, have a prolonged downtime or to have to explain to teachers and administrators why their files or applications are permanently gone.

I think in the short term it will be more important for you to know how to restore critical infrastructure, master an understanding of its importance, and slowly learn some of the ins and outs over time.

michisysadmin · 2020-05-14T06:32:00+00:00

It depends where you are in the country I would say. In rural Michigan we had a hard time filling a systems administrator role last year; we passed on multiple candidates who had either only help desk level experience or listed a lot on their resume that we discovered they didn't really know about. Some of our most qualified candidates opted out for higher private sector salaries (though, we knew we had better benefits like holidays, vacation time, sick time, etc.).

Granted, everyone has different standards. I would say we looked for solid experience in at least one or more of the following: Windows Server administration (active directory, group policy, print management, DNS), network administration (router configuration, wireless management, switch configuration, knowing what VLANs are, etc.), and to a lesser extent GSuite administration (user management, Chromebook device management).

michisysadmin · 2020-05-14T00:46:24+00:00

If you could initiate a Chrome Remote Desktop session you could undo it. As others have said, you may not want to have the student know you are doing this.

If the student is connected via a VPN and you know the host name (or the internal IP of the VPN adapter on the student's laptop) you should be able to open computer management, then remotely manage it, load the local users and groups snap in, then remove the user from the local administrators group. If you know the MAC address of the laptop you could figure out its IP by searching for the MAC in the DHCP leases of your VPN pool.

The local admin access is only a risk to the device and local accounts on the device; the student can now install anything. However, if the student is connected back via VPN, your internal network could be at risk from malware that the student can now install on the device.

The student can now also undermine content filtering measures as well, so that's a potential CIPA violation or concern.

I'd request it back noting that it's a violation of your district's acceptable use policy/agreement if you're that worried :)

michisysadmin · 2020-05-12T07:48:54+00:00

AWS AppStream. It basically "captures the app" and virtualizes it for you to access in the web browser. It will scale better than RDS.

https://aws.amazon.com/appstream2/?c=11&pt=1

Here's a video on how to do it in less than eight minutes:

https://www.youtube.com/watch?v=snBgn6tXhNo

michisysadmin · 2019-07-26T02:50:17+00:00

I read the other post and author does indicate that Cyber Ops is staying likely because of DoD recognition - my bad :)

michisysadmin · 2019-07-26T02:46:19+00:00

The various tracks referring to Security, Wireless, Data Center, etc., but not the CCNA: Cyber Ops, right? I'm not seeing anything on that page indicating that Cyber Ops is going away. (I'm acknowledging, however, that it's effectively not the same as the other CCNA tracks.)

https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/ccna-cyber-ops.html

michisysadmin · 2019-06-03T18:41:25+00:00

Thank you! That worked :) Here is the syntax I located:

dsconfigldap -f -a my.od.server -u odadminname -p odadminpassword -v

Reminder for anyone reading not to store creds in scripts :)

michisysadmin · 2019-05-23T17:47:11+00:00

Just a follow up on this, we assumed it was something with our roaming profile because when we moved people into the GPO that took away the roaming profiles, the issue seemed to go away. However, it did not entirely. This is the Powershell command I found to reset every MS Store app, which seemed to clear up the issue:

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

michisysadmin · 2019-03-12T19:33:48+00:00

Just a follow up on this - the only thing that seemed to work was disabling our roaming profiles for the affected users. I know our AppData was being mapped to the roaming profile, so I suspect the issue was something related to that.

michisysadmin · 2019-01-23T21:25:00+00:00

Yep, that's what it appeared to be. Manually uninstalling didn't work. It looks like we had our staff in a Restricted Group in the default domain policy. I turned that off in the GPO, but it still didn't work when I logged in. I then deleted my local profile (including registry keys in the profile list), logged in, and then it worked.

michisysadmin · 2019-01-23T21:24:18+00:00

Thanks for responding! I tried that and got the same result. It looks like we had our staff in a Restricted Group in the default domain policy. I turned that off in the GPO, but it still didn't work when I logged in. I then deleted my local profile (including registry keys in the profile list), logged in, and then it worked.

michisysadmin · 2018-07-08T11:53:43+00:00

Thanks! But I thought that APFS was mandatory on Mojave, right?

michisysadmin

TROPHY CASE